mirror of
https://github.com/github/codeql-action.git
synced 2025-12-30 03:00:13 +08:00
034374eb3f
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
103 lines
3.3 KiB
YAML
Generated
103 lines
3.3 KiB
YAML
Generated
# Warning: This file is generated automatically, and should not be modified.
|
|
# Instead, please modify the template in the pr-checks directory and run:
|
|
# pr-checks/sync.sh
|
|
# to regenerate this file.
|
|
|
|
name: PR Check - Config export
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GO111MODULE: auto
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- releases/v*
|
|
pull_request:
|
|
types:
|
|
- opened
|
|
- synchronize
|
|
- reopened
|
|
- ready_for_review
|
|
schedule:
|
|
- cron: '0 5 * * *'
|
|
workflow_dispatch:
|
|
inputs: {}
|
|
workflow_call:
|
|
inputs: {}
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
concurrency:
|
|
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
jobs:
|
|
config-export:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- os: ubuntu-latest
|
|
version: linked
|
|
- os: ubuntu-latest
|
|
version: nightly-latest
|
|
name: Config export
|
|
if: github.triggering_actor != 'dependabot[bot]'
|
|
permissions:
|
|
contents: read
|
|
security-events: read
|
|
timeout-minutes: 45
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- name: Check out repository
|
|
uses: actions/checkout@v6
|
|
- name: Prepare test
|
|
id: prepare-test
|
|
uses: ./.github/actions/prepare-test
|
|
with:
|
|
version: ${{ matrix.version }}
|
|
use-all-platform-bundle: 'false'
|
|
setup-kotlin: 'true'
|
|
- uses: ./../action/init
|
|
with:
|
|
languages: javascript
|
|
queries: security-extended
|
|
tools: ${{ steps.prepare-test.outputs.tools-url }}
|
|
- uses: ./../action/analyze
|
|
with:
|
|
output: ${{ runner.temp }}/results
|
|
upload-database: false
|
|
- name: Upload SARIF
|
|
uses: actions/upload-artifact@v6
|
|
with:
|
|
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
|
|
path: ${{ runner.temp }}/results/javascript.sarif
|
|
retention-days: 7
|
|
- name: Check config properties appear in SARIF
|
|
uses: actions/github-script@v8
|
|
env:
|
|
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
|
|
with:
|
|
script: |
|
|
const fs = require('fs');
|
|
|
|
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
|
|
const run = sarif.runs[0];
|
|
const configSummary = run.properties.codeqlConfigSummary;
|
|
|
|
if (configSummary === undefined) {
|
|
core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
|
|
}
|
|
if (configSummary.disableDefaultQueries !== false) {
|
|
core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
|
|
`${JSON.stringify(configSummary.disableDefaultQueries)}.`);
|
|
}
|
|
const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
|
|
// Use JSON.stringify to deep-equal the arrays.
|
|
if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
|
|
core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
|
|
`${JSON.stringify(configSummary.queries)}.`);
|
|
}
|
|
core.info('Finished config export tests.');
|
|
env:
|
|
CODEQL_ACTION_TEST_MODE: true
|